ScreenShot
| Created | 2024.05.31 10:28 | Machine | s1_win7_x6403 |
| Filename | gps_1688.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 7 detected (AIDetectMalware, Save, Malicious, moderate, score, grayware, confidence) | ||
| md5 | c2c6ca7a9dea1fc9708b57d3ae1d9bc7 | ||
| sha256 | b53a20869d2145b135c61cb1fbe5b027f47e2cff1f3dbcf2aa4284ad982b581b | ||
| ssdeep | 6144:rsCwu+mWhJifvtNP/7YXSLB80PcfnMhR3peeYmC6Inht5t:AxmIJQvPkitaIR3pmEInht3 | ||
| imphash | 027ea80e8125c6dda271246922d4c3b0 | ||
| impfuzzy | 48:WOX8LKc1XFjsX1Pfc++6tGYgXBtDXMunCA:WJLKc1XFgX1Pfc++6jsBtDXMunX | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x430000 GetLastError
0x430004 SetLastError
0x430008 GetCurrentProcess
0x43000c DeviceIoControl
0x430010 SetFileTime
0x430014 CloseHandle
0x430018 CreateDirectoryW
0x43001c RemoveDirectoryW
0x430020 CreateFileW
0x430024 DeleteFileW
0x430028 CreateHardLinkW
0x43002c GetShortPathNameW
0x430030 GetLongPathNameW
0x430034 MoveFileW
0x430038 GetFileType
0x43003c GetStdHandle
0x430040 WriteFile
0x430044 ReadFile
0x430048 FlushFileBuffers
0x43004c SetEndOfFile
0x430050 SetFilePointer
0x430054 SetFileAttributesW
0x430058 GetFileAttributesW
0x43005c FindClose
0x430060 FindFirstFileW
0x430064 FindNextFileW
0x430068 GetVersionExW
0x43006c GetCurrentDirectoryW
0x430070 GetFullPathNameW
0x430074 FoldStringW
0x430078 GetModuleFileNameW
0x43007c GetModuleHandleW
0x430080 FindResourceW
0x430084 FreeLibrary
0x430088 GetProcAddress
0x43008c GetCurrentProcessId
0x430090 ExitProcess
0x430094 SetThreadExecutionState
0x430098 Sleep
0x43009c LoadLibraryW
0x4300a0 GetSystemDirectoryW
0x4300a4 CompareStringW
0x4300a8 AllocConsole
0x4300ac FreeConsole
0x4300b0 AttachConsole
0x4300b4 WriteConsoleW
0x4300b8 GetProcessAffinityMask
0x4300bc CreateThread
0x4300c0 SetThreadPriority
0x4300c4 InitializeCriticalSection
0x4300c8 EnterCriticalSection
0x4300cc LeaveCriticalSection
0x4300d0 DeleteCriticalSection
0x4300d4 SetEvent
0x4300d8 ResetEvent
0x4300dc ReleaseSemaphore
0x4300e0 WaitForSingleObject
0x4300e4 CreateEventW
0x4300e8 CreateSemaphoreW
0x4300ec GetSystemTime
0x4300f0 SystemTimeToTzSpecificLocalTime
0x4300f4 TzSpecificLocalTimeToSystemTime
0x4300f8 SystemTimeToFileTime
0x4300fc FileTimeToLocalFileTime
0x430100 LocalFileTimeToFileTime
0x430104 FileTimeToSystemTime
0x430108 GetCPInfo
0x43010c IsDBCSLeadByte
0x430110 MultiByteToWideChar
0x430114 WideCharToMultiByte
0x430118 GlobalAlloc
0x43011c GetTickCount
0x430120 SetCurrentDirectoryW
0x430124 GetExitCodeProcess
0x430128 GetLocalTime
0x43012c MapViewOfFile
0x430130 UnmapViewOfFile
0x430134 CreateFileMappingW
0x430138 OpenFileMappingW
0x43013c GetCommandLineW
0x430140 SetEnvironmentVariableW
0x430144 ExpandEnvironmentStringsW
0x430148 GetTempPathW
0x43014c MoveFileExW
0x430150 GetLocaleInfoW
0x430154 GetTimeFormatW
0x430158 GetDateFormatW
0x43015c GetNumberFormatW
0x430160 RaiseException
0x430164 GetSystemInfo
0x430168 VirtualProtect
0x43016c VirtualQuery
0x430170 LoadLibraryExA
0x430174 IsProcessorFeaturePresent
0x430178 IsDebuggerPresent
0x43017c UnhandledExceptionFilter
0x430180 SetUnhandledExceptionFilter
0x430184 GetStartupInfoW
0x430188 QueryPerformanceCounter
0x43018c GetCurrentThreadId
0x430190 GetSystemTimeAsFileTime
0x430194 InitializeSListHead
0x430198 TerminateProcess
0x43019c RtlUnwind
0x4301a0 EncodePointer
0x4301a4 InitializeCriticalSectionAndSpinCount
0x4301a8 TlsAlloc
0x4301ac TlsGetValue
0x4301b0 TlsSetValue
0x4301b4 TlsFree
0x4301b8 LoadLibraryExW
0x4301bc QueryPerformanceFrequency
0x4301c0 GetModuleHandleExW
0x4301c4 GetModuleFileNameA
0x4301c8 GetACP
0x4301cc HeapFree
0x4301d0 HeapAlloc
0x4301d4 HeapReAlloc
0x4301d8 GetStringTypeW
0x4301dc LCMapStringW
0x4301e0 FindFirstFileExA
0x4301e4 FindNextFileA
0x4301e8 IsValidCodePage
0x4301ec GetOEMCP
0x4301f0 GetCommandLineA
0x4301f4 GetEnvironmentStringsW
0x4301f8 FreeEnvironmentStringsW
0x4301fc GetProcessHeap
0x430200 SetStdHandle
0x430204 HeapSize
0x430208 GetConsoleCP
0x43020c GetConsoleMode
0x430210 SetFilePointerEx
0x430214 DecodePointer
EAT(Export Address Table) Library
KERNEL32.dll
0x430000 GetLastError
0x430004 SetLastError
0x430008 GetCurrentProcess
0x43000c DeviceIoControl
0x430010 SetFileTime
0x430014 CloseHandle
0x430018 CreateDirectoryW
0x43001c RemoveDirectoryW
0x430020 CreateFileW
0x430024 DeleteFileW
0x430028 CreateHardLinkW
0x43002c GetShortPathNameW
0x430030 GetLongPathNameW
0x430034 MoveFileW
0x430038 GetFileType
0x43003c GetStdHandle
0x430040 WriteFile
0x430044 ReadFile
0x430048 FlushFileBuffers
0x43004c SetEndOfFile
0x430050 SetFilePointer
0x430054 SetFileAttributesW
0x430058 GetFileAttributesW
0x43005c FindClose
0x430060 FindFirstFileW
0x430064 FindNextFileW
0x430068 GetVersionExW
0x43006c GetCurrentDirectoryW
0x430070 GetFullPathNameW
0x430074 FoldStringW
0x430078 GetModuleFileNameW
0x43007c GetModuleHandleW
0x430080 FindResourceW
0x430084 FreeLibrary
0x430088 GetProcAddress
0x43008c GetCurrentProcessId
0x430090 ExitProcess
0x430094 SetThreadExecutionState
0x430098 Sleep
0x43009c LoadLibraryW
0x4300a0 GetSystemDirectoryW
0x4300a4 CompareStringW
0x4300a8 AllocConsole
0x4300ac FreeConsole
0x4300b0 AttachConsole
0x4300b4 WriteConsoleW
0x4300b8 GetProcessAffinityMask
0x4300bc CreateThread
0x4300c0 SetThreadPriority
0x4300c4 InitializeCriticalSection
0x4300c8 EnterCriticalSection
0x4300cc LeaveCriticalSection
0x4300d0 DeleteCriticalSection
0x4300d4 SetEvent
0x4300d8 ResetEvent
0x4300dc ReleaseSemaphore
0x4300e0 WaitForSingleObject
0x4300e4 CreateEventW
0x4300e8 CreateSemaphoreW
0x4300ec GetSystemTime
0x4300f0 SystemTimeToTzSpecificLocalTime
0x4300f4 TzSpecificLocalTimeToSystemTime
0x4300f8 SystemTimeToFileTime
0x4300fc FileTimeToLocalFileTime
0x430100 LocalFileTimeToFileTime
0x430104 FileTimeToSystemTime
0x430108 GetCPInfo
0x43010c IsDBCSLeadByte
0x430110 MultiByteToWideChar
0x430114 WideCharToMultiByte
0x430118 GlobalAlloc
0x43011c GetTickCount
0x430120 SetCurrentDirectoryW
0x430124 GetExitCodeProcess
0x430128 GetLocalTime
0x43012c MapViewOfFile
0x430130 UnmapViewOfFile
0x430134 CreateFileMappingW
0x430138 OpenFileMappingW
0x43013c GetCommandLineW
0x430140 SetEnvironmentVariableW
0x430144 ExpandEnvironmentStringsW
0x430148 GetTempPathW
0x43014c MoveFileExW
0x430150 GetLocaleInfoW
0x430154 GetTimeFormatW
0x430158 GetDateFormatW
0x43015c GetNumberFormatW
0x430160 RaiseException
0x430164 GetSystemInfo
0x430168 VirtualProtect
0x43016c VirtualQuery
0x430170 LoadLibraryExA
0x430174 IsProcessorFeaturePresent
0x430178 IsDebuggerPresent
0x43017c UnhandledExceptionFilter
0x430180 SetUnhandledExceptionFilter
0x430184 GetStartupInfoW
0x430188 QueryPerformanceCounter
0x43018c GetCurrentThreadId
0x430190 GetSystemTimeAsFileTime
0x430194 InitializeSListHead
0x430198 TerminateProcess
0x43019c RtlUnwind
0x4301a0 EncodePointer
0x4301a4 InitializeCriticalSectionAndSpinCount
0x4301a8 TlsAlloc
0x4301ac TlsGetValue
0x4301b0 TlsSetValue
0x4301b4 TlsFree
0x4301b8 LoadLibraryExW
0x4301bc QueryPerformanceFrequency
0x4301c0 GetModuleHandleExW
0x4301c4 GetModuleFileNameA
0x4301c8 GetACP
0x4301cc HeapFree
0x4301d0 HeapAlloc
0x4301d4 HeapReAlloc
0x4301d8 GetStringTypeW
0x4301dc LCMapStringW
0x4301e0 FindFirstFileExA
0x4301e4 FindNextFileA
0x4301e8 IsValidCodePage
0x4301ec GetOEMCP
0x4301f0 GetCommandLineA
0x4301f4 GetEnvironmentStringsW
0x4301f8 FreeEnvironmentStringsW
0x4301fc GetProcessHeap
0x430200 SetStdHandle
0x430204 HeapSize
0x430208 GetConsoleCP
0x43020c GetConsoleMode
0x430210 SetFilePointerEx
0x430214 DecodePointer
EAT(Export Address Table) Library